Repositories for building OpenShift Service Mesh (OSSM) for the OpenShift Container Platform.
Note
For general information about service mesh concepts click here.
Warning
This organization deals only with builds of the 3.x series of OSSM.
OpenShift Service Mesh (OSSM) is based on Istio and tries to follow that upstream project very closely.
The repositories you find here will generally be up to date with the upstream Istio repositories, with some small changes mainly related to building and shipping releases. In the repositories section we'll provide a brief overview of some of the repositories in this org to help you get started.
Note
Ultimately this organization is meant for OSSM developers, not users. If you're a user looking to install and use OSSM, see the OpenShift Container Platform Documentation for your version instead.
The vast majority of development of OpenShift Service Mesh (OSSM) happens in upstream Istio. Importantly, this includes the Sail Operator, which is at the center of how we deploy and manage the lifecycle of Istio. The most notable exceptions are some areas related to Envoy Proxy (which is deployed as a sidecar to Pods within the mesh to control and shape traffic; see the Istio Architecture documentation for more details) and other building and testing configurations specific to OSSM. So as a developer on OSSM, you'll mostly be following the pattern of "develop in upstream, build in downstream".
Note
The most notable caveat to our pure upstream focus is that upstream Istio employs a version of Envoy Proxy that uses BoringSSL, which is notably not compliant with the Federal Information Processing Standards (FIPS) of the United States National Institute of Standards and Technology (NIST). To ensure that OpenShift users have FIPS-compliant service mesh connectivity, we maintain and use the alternative envoyproxy/envoy-openssl, which uses OpenSSL instead.
In the following sections we'll provide some steps which contain guidance on how to go from just starting to actively developing and building Istio, and getting involved with the community. In later sections we'll also cover some of the notable areas where we have OSSM specific tooling in the repositories.
If you're unfamiliar with Istio in general, it can be worthwhile to use and experiment with it prior to trying to develop for it. We strongly recommend you check out the main Istio documentation and specifically work through some of the working examples provided there as deploying and experimenting with those can help you more quickly understand how Istio works and help illuminate some of the components involved.
We recommend all new developers start by reading the Preparing for Istio Development Wiki. This will provide some insights into where things are and how to get started. After you've familiarized yourself with the basics, check out the General Istio Wiki for guidance on other specific subjects.
Development documentation is not the be-all and end-all for an aspiring Istio developer. Istio is a community-driven project, so to be a successful Istio developer (and therefore OSSM developer as well) you inherently need to be engaged with the Istio upstream development ecosystem. After reading through the wikis and trying some things out yourself, go get involved!
Most development and some testing happens entirely in upstream Istio. That being said, there are a few places in the repositories in this org where OpenShift-specific patches or build tooling can be found, and we provide some notes on them here.
First and foremost, we have a fork of the main Istio repository which you'll
find at openshift-service-mesh/istio. Largely this is kept up to
date with upstream istio/istio, but you will find some small fixes
(many relating to timeouts) which enable us to run the upstream integration
tests on OpenShift CI. Look in the prow/ directory for scripts
specifically related to running integration tests for OSSM.
It's important to note that in addition to the regular upstream Istio org there
is also an Istio Ecosystem organization which houses projects that relate to
or enhance Istio. Notably there is a Kubernetes operator in this organization
called istio-ecosystem/sail-operator which is key to how Istio is
deployed and managed on OpenShift clusters. We keep a fork of this at
openshift-service-mesh/sail-operator which is mostly 1:1 with the
upstream, but notably there's an ossm/ directory added, which relates
to OpenShift-specific build options.
Upstream Istio includes the istio/proxy repository which provides Istio-specific options over Envoy Proxy. For OpenShift we wrap this repository as well in openshift-service-mesh/proxy. Most of the differences you'll find from upstream here relate to integrating our alternative envoyproxy/envoy-openssl (which is necessary for FIPS compliance).